diff --git a/main.tf b/main.tf
index 1c32d37..c9d1fe5 100644
--- a/main.tf
+++ b/main.tf
@@ -19,14 +19,15 @@ data "aws_iam_policy_document" "trustrel" {
     }
   }
-  statement {
-    effect = "Allow"
-    actions = ["sts:AssumeRoleWithWebIdentity"]
-    dynamic "principals" {
-      for_each = { for k, v in var.principals : k => v if contains(["federated"], k) }
-      content {
-        type = lower(principals.key) == "federated" ? "Federated" : title(principals.key)
-        identifiers = principals.value
+
+  dynamic "statement" {
+    for_each = { for k, v in var.principals : k => v if contains(["federated"], k) }
+    content {
+      effect = "Allow"
+      actions = ["sts:AssumeRoleWithWebIdentity"]
+      principals {
+        type = title(statement.key)
+        identifiers = statement.value
       }
     }
   }
diff --git a/variables.tf b/variables.tf
index a94c62d..57db8c4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -2,11 +2,6 @@ variable "principals" {
   description = "The map of trust relationship to allow them to assume roles in this role"
-  default = {
-    aws = ["336686831133"]
-    service = [""]
-    federated = [""]
-  }
 }
 variable "policy_arn" {
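Review bot: The new `dynamic "statement"` block grants `sts:AssumeRoleWithWebIdentity` to every identifier in `var.principals["federated"]` with no `condition` block, so nothing scopes which tokens issued by the federated provider may assume this role; the removed statement had the same gap, and this rewrite is the natural place to close it. If the identifiers are OIDC provider ARNs, the usual scoping is a `condition` with `test = "StringEquals"` on the provider's audience claim (and typically the subject claim too), with the values supplied by a new input variable rather than hard-coded, but the exact claim key depends on the provider, so I have not guessed it here. A smaller point of style: `for_each` already pins the key to `"federated"`, so `type = title(statement.key)` can only ever yield `"Federated"` and `type = "Federated"` says so directly; note also that `contains(["federated"], k)` is case-sensitive, so a key such as `Federated` is silently dropped with no statement emitted. The enclosing `data "aws_iam_policy_document" "trustrel"` block begins before and ends after this hunk.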